0

Security researchers at Securelist have found that the data “stolen” from Mark Karpeles’ computer actually contained a BTC-stealing Trojan that masqueraded as a back-end app for managing Mt.Gox trades. The app searched user directories for Bitcoin-related files – wallet.dat and bitcoin.conf – and uploaded them to a server that is now defunct.

The malware creates and executes the TibanneSocket.exe binary and searches for the files bitcoin.conf and wallet.dat – the latter is a critical data file for a Bitcoin crypto-currency user: if it is kept unencrypted and is stolen, cybercriminals will gain access to all Bitcoins the user has in his possession for that specific account.